Hi @GarrettMelvin @BenClark - GeoEvent Server/Manager was designed to be an administrator facing application. The original intent was that a administrator would access GeoEvent Manager, configure the necessary GeoEvent Services, and then non-admins would consume the outputs of the GeoEvent Services (e.g. feature layers or stream layers updated in real-time, emails, etc). Thought about another way, GeoEvent Manager provides an authenticated user some really powerful settings that could make or break an organization's solutions. Changing just one suite of setting, such as the incident detector settings for example, could impact multiple downstream GeoEvent Services in a way that might not be clear to the user who made the change to begin with when thinking about their own GeoEvent Service. That's primarily why GeoEvent Server is admin-facing. GeoEvent Manager was never designed with different user views in mind because of the way the application broadly exposes global settings and integrates with sometimes sensitive systems/APIs. It was also largely built before the whole notion of Portal/user types was mainstream.
If this doesn't sound exactly ideal, we agree! That's why we worked to improve upon this situation in ArcGIS Velocity by building the entire application with a focus on supporting different user types, roles, privileges and more.
Coming back to GeoEvent -- While its possible to login to GeoEvent Manager as an ArcGIS Server "publisher" role, you really won't be able to do much other than see what's been configured. In fact, GeoEvent Manager will display a warning message about using a non-admin account, and upon trying to take an action such as creating/editing an input connector, the user will be signed out altogether. Its not a great user experience, and I certainly wouldn't offer it as an answer to "Is there any way to grant access to this tool without also allowing full admin rights?". You can't really do much as an ArcGIS Server "publisher". You need to be an ArcGIS Server "admin" at a minimum.
"...Does that mean we cannot add user accounts to access GeoEvent Manager on a non-federated server, unless they are an administrative account? " - I would say this is accurate, yes.
I would recommend not federating GeoEvent Server with Portal. Instead, keep GeoEvent Server standalone and in the underlying ArcGIS Server for GeoEvent, create an ArcGIS Server admin account. This admin account won't have any admin privileges' in respect to the Portal (which has its own separate user store) unless the person with this account chose to federate. For all intents and purposes, its an admin of the GeoEvent Server + ArcGIS Server in isolation. This "ArcGIS Server admin" doesn't have any relevancy/link to the Portal and its user store. You would not be creating an administrator account of the Portal. Again, I know this isn't ideal because there might be one-off nuanced security/access concerns to consider, but this approach keeps a degree of admin separation.
I hope this helps clear things up! Message me if you have other questions about what I wrote.
